Reply to Office Action of December 23, 2009 

REMARKS 

In response to the Office Action mailed December 23, 2009, Applicants respectfully 
request reconsideration. Claims 7 and 11-31 were previously pending in this application. By 
this amendment, no claims have been amended or added. As a result, claims 7 and 11-31 are 
pending for examination with claims 7, 19 and 24 being independent. No new matter has been 
added. 

Examiner Interview 

Applicants thank the Examiner for a telephone interview held on December 10, 2009. 
The telephone interview was initiated by the Examiner. During the interview, the limitation of 
claim 1 reciting "when an application is initiated and binds a socket to a local port, at least the 
local port from the socket is stored, and when parameters of the application match a condition in 
an application rule of the policy object model, instantiating at least one template using at least 
the stored local port to create at least one policy for the application" was discussed. In particular, 
Applicants explained the support for the above limitation of claim 1 in Exhibit C of the 
Applicants' specification. 

Rejections Under 35 U.S.C. §103 
The Office Action rejected claims 7-31 under 35 U.S.C. §103(a) as allegedly being 
obvious over U.S. Patent Publication No. 2004/0243835 ("Terzis") in view of U.S. Patent 
Publication No. 2002/0099952 ("Lambert"). Applicants respectfully disagree. 

I. Independent Claim 7 

The cited references do not meet all limitations of claim 7. 

Claim 7 recited, inter alia, "when an application is initiated and binds a socket to a local 
port, at least the local port from the socket is stored, and when parameters of the application 
match a condition in an application rule of the policy object model, instantiating at least one 
template using at least the stored local port to create at least one policy for the application." 
Terzis and Lambert do not teach or suggest at least the above limitation of claim 7. 

On page 3, the Office Action states that "according to the interview, the Applicant said 
that support for 'when an application is initiated and binds a socket to a local port (Claim 1)' was 
taught by 'on the other hand, if its not a client instantiation, only local 3-tuple, i.e. local address, 
protocol, and local port are available' wherein the local port is available." Applicants 
respectfully note that, during the telephone interview, Applicants indicated that the whole 
passage on page 74 of Exhibit C, stating that "[w]hen client instantiation takes place, the full 
5-tuple is available to instantiate the template. On the other hand, if it is not a client instantiation, 
only local 3-tuple, i.e. local address, protocol, and local port, available" supports the above 
limitation of claim 1. When either a 5-tuple or a 3-tuple is available to instantiate a template, the 
local port is available. 

Further, as was discussed during the interview, in the context of claim 1, a local port is 
"available" when an application is initiated and binds a socket to the local port. Thus, 
instantiating at least one template is performed using the stored local port. For example, as 
pointed to by the Applicants during the interview, page 73 of Applicants' specification (Exhibit 
C) includes TransportTemplate, IPSecTemplate, and IPSecAuthorizationTemplate that are 
examples of the instantiation templates. None of the templates take a local port as a parameter. 
Instead, the templates use a respective "get" method to obtain the local port, which indicates that 
the local port condition is generated when an application is initiated and binds a socket to the 
local port. 

On page 3, the Office Action states that, in paragraphs 0083-0094, Terzis "teaches 
observing an incoming packet for flow identification data (e.g., source port, source IP address, 
destination port, destination IP address, IP protocol, VLAN-ID) within the header of the 
packet." The Office Action also states that "Terzis in the same paragraphs further teaches 
'Classification involves searching the N-tuple against a rule set.' This is similar to the 
determining whether the application is 3-tuple or 5-tuple as described in pages 73-74 of the 
Appendix." Applicants respectfully disagree with this interpretation of Terzis. In Terzis, the 
N-tuple is used to associate rules with the packet or, if the packet is not associated with any rules, 
for classification which involves searching the N-tuple elements against a rule set (Terzis, page 
6, [0083-0084]). Moreover, claim 1 is not directed to "determining whether the application is 
3-tuple or 5-tuple." Indeed, a set of values in a tuple describes what information is available to 
instantiate the template, rather than to determine "whether the application is 3-tuple or 5-tuple," 
as stated in the Office Action. 

Furthermore, claim 1 is directed, inter alia, to creating at least one policy for the 
application. In contrast, in the cited portion, Terzis describes an exemplary flow chart of rule 
application (Terzis, Fig. 10, page 6, [0083]) (emphasis added). In Terzis, the process of rule 
application starts when a packet is received 1100 by a MACSS, where the MACSS looks at flow 
identification data (e.g., source port, source IP address, destination port, destination IP address, 
IP protocol, VLAN-ID) within the header of the packet (Terzis, Fig. 10, page 6, [0083]) 
(emphasis added). The parameters that are collectively known as the N-tuple can be used to 
associate rules with the packet (Terzis, page 6, [0083]). 

Accordingly, Terzis describes that, to associate rules with a received packet, information 
in the header of the packet can be used. As should be understood by one of skill in the art, this is 
different from storing a local port when an application is initiated and binds a socket to the 
local port and, when parameters of the application match a condition in an application rule of the 
policy object model, instantiating at least one template using at least the stored local port to 
create at least one policy for the application. Indeed, a packet is different from the application 
that binds a socket to the local port, as claimed (emphasis added). Further, applying existing 
rules to the packet, as described in Terzis, is different from "instantiating a template using the 
stored local port to create at least one policy for the application," as recited in 
claim 1 (emphasis added). Moreover, in contrast to claim 1, which recites that the local port is 
stored when an application is initiated and binds a socket to the local port, Terzis describes that 
the flow identification data is received as part of the header of the packet. 

Furthermore, the Office Action states Terzis teaches "After a frame has been classified its 
N-tuple and classification result are added to an identification database (an association is made). 
The packet then proceeds to be processed based on the associated rules." The Office Action then 
contends that "this is similar to the creation of the at least one policy for the application based 
upon the N-tuples." However, in this portion (Terzis, page 6, [0084]), the reference again 
describes classifying a packet based on the existing set of rules, rather than, when certain 
conditions are met, instantiating at least one template using at least the stored local port to create 
at least one policy for the application. 

Thus, it should be clear that Terzis does not teach or suggest "when an application is 
initiated and binds a socket to a local port, at least the local port from the socket is stored, and 
when parameters of the application match a condition in an application rule of the policy object 
model, instantiating at least one template using at least the stored local port to create at least one 
policy for the application," as recited in claim 1. Lambert does not cure the deficiency of Terzis 
and was not cited as teaching the above limitation of claim 1. 

In view of the above, claim 7 patentably distinguishes over Terzis and Lambert, either 
alone or in combination, and is in condition for allowance. 

Claims 11-18 depend from claim 7 and are allowable for at least the same reasons. 

Accordingly, withdrawal of the rejection of claims 7 and 11-18 is respectfully requested. 

II. Independent Claim 19 

Claim 19 recites, inter alia, "when an application is initiated and binds a socket to a local 
port, at least the local port from the socket is stored, and, when parameters of the application 
match a condition in an application rule of the policy object model, instantiating at least one 
template using at least the stored local port to create at least one policy for the application." 

On page 13, the Office Action alleges that Terzis teaches this limitation of claim 19. 
However, as should be clear from the above discussion of Terzis, neither Terzis nor Lambert 
teaches or suggests this limitation of claim 19. 

In view of the above, claim 19 patentably distinguishes over Terzis and Lambert, either 
alone or in combination, and is in condition for allowance. 

Claims 20-23 depend from claim 19 and are allowable for at least the same reasons. 

Accordingly, withdrawal of the rejection of claims 19-23 is respectfully requested. 

III. Independent Claim 24 

Claim 24 recites, inter alia, "when an application is initiated and binds a socket to a local 
port, at least the local port from the socket is stored, and, when parameters of the application 
match a condition in an application rule of the policy object model, instantiate at least one 
template using at least the stored local port to create at least one policy for the application." 

On page 19, the Office Action alleges that Terzis teaches this limitation of claim 24. As 
should be clear from the above discussion of Terzis, neither Terzis nor Lambert teaches or 
suggests this limitation of claim 24. 

In view of the above, claim 24 patentably distinguishes over Terzis and Lambert, either 
alone or in combination, and is in condition for allowance. 

Claims 25-31 depend from claim 24 and are allowable for at least the same reasons. 

Accordingly, withdrawal of the rejection of claims 24-31 is respectfully requested. 

CONCLUSION 



In view of the foregoing amendments and remarks, this application should now be in 
condition for allowance. A notice to this effect is respectfully requested. If the Examiner 
believes, after this amendment, that the application is not in condition for allowance, the 
Examiner is requested to call the Applicants' representative at the telephone number indicated 
below to discuss any outstanding issues relating to the allowability of the application. 

If this response is not considered timely filed and if a request for an extension of time is 
otherwise absent, Applicants hereby request any necessary extension of time. If there is a fee 
occasioned by this response, including an extension fee, that is not covered by an enclosed 
check, please charge any deficiency to Deposit Account No. 23/2825 under Docket No. 
M1103.70168US00 from which the undersigned is authorized to draw. 

Dated: March 23, 2010 Respectfully submitted, 




WOLF, GREENFIELD & SACKS, P.C. 
600 Atlantic Avenue 
Boston, Massachusetts 02210-2206 
617.646.8000 






